First, I know that "proprietary" is kind of an eye sore, but this is just a project so please bear with me. XD

The project makes use of an Arduino, an Music player IC (Mp3 or MIDI maybe), SD, and a speaker. Basically, the system should only play "proprietary" sound files stored in the SD. The questions is, how can I easily achieve this? (I'm thinking of a PC script to encrypt "proprietary" sound files, then in the Arduino, it checks first if it is properly encrypted.)

But I don't have a concrete approach yet on how to achieve this, (e.g. do I need to encrypt the whole file, what library may be used, etc.).

One simple way would to exclusive or every byte in the file with a key value to scramble it. Then on play back you unscramble it by exclusive oring every byte with the same key value thus restoring the file.The snag is that this would only work with wav files stored on SD cards. Any unscraMbling has to be done my the player so that would rule out MP3 players and the like.

@Grumpy_Mike - at first .WAV was an option, but now its fixed to an MP3 player.

@PeterH -

Quote

You're trying to restrict the device to only play media files that come from you?

You're trying to ensure that no other players can play the media files you create?

Yes and Yes.

Quote

what lengths are you willing to go to to prevent people from overcoming your restrictions?

I'm willing to create a script (for encrypting in PC) and sketch that makes use of already existing cryptographic libraries.

I forgot to mention that the proprietary sound file should only be played with one dedicated player (for proof of concept).e.g. a sound file (SOUND_1.*) can only be played with DEVICE_1 (arduino + mp3 player) and should not be usable/playable with DEVICE_2.SOUND_1.* is the encrypted propietary sound file. DEVICE_1 and DEVICE_2 are the hardware projects.

I'm thinking that this maybe achieved by assigning IDs to the SOUND file before encryption, which is paired with only one DEVICE.

I strongly suggest using another platform for you project. The Arduino is not powerful enough to do a decryption really worth that name in real time (which would be necessary for your project). There are lots of cheap ARM architectures available on the market using an embedded Linux which are powerful enough for this task (Raspberry Pi to give you just one example).

Hello pylon, is it not possible to do it in Arduino? Because we have to make do with what we have right now, which is an arduino.

Maybe there is a simpler approach for it instead of making crpytographic libraries? And also we're planning to minimize the sound file to couple of seconds to minimize the size ( 100kB < size < 1MB )...

You do realize that things such as CSS (DVDs) and even Blu-Ray encryption have been cracked? Big players, such as Sony, have not been able to keep their content from being pirated. The big media companies have spent hundreds of thousands of dollars, probably millions, on copy prevention. To almost no effect.

To quote Bruce Schneier, 'Good encryption is hard'. And, in fact, it's like an arms race -- people work on better encryption, and other people work on cracking it.

I won't say that it's impossible to do what you're describing, but with the vague information you've provided so far, it's pretty difficult for people to give advice, because we don't really know what your end product is. And, sorry to sound as if I'm belittling things, but I have difficulty envisioning a 2-second sound clip that needs any sort of elaborate copy protection. And what's to stop someone from just removing the speaker, attaching a pot across the output leads, and feeding the signal into a recording device?

As far as keeping people from using your device to play any sound clips not supplied by you, well, you could use CRC files or MD5 hash signatures. This would require, though, that the Arduino has a separate record of valid CRC or MD5 signatures for each clip. If the sound clips on the SD card never change, once the device is distributed, this could work. I will say that I've given no thought at all as to whether the Arduino can calculate an MD5 hash or CRC quickly enough for your purposes.

... it is poor civic hygiene to install technologies that could somedayfacilitate a police state. -- Bruce Schneier

Maybe there is a simpler approach for it instead of making crpytographic libraries?

The making of the libraries is the smallest problem. The Arduino platform is not powerful enough for the needed calculations and for the memory needs.

Quote

And also we're planning to minimize the sound file to couple of seconds to minimize the size ( 100kB < size < 1MB )...

An MP3 of 1MB is more than a couple of seconds. But even for 100kB files (I share the view of justjed in the legal aspect of short clips) the Arduino is underpowered. For one reason: it cannot decrypt such an amount in real time or almost real time. For a second reason: it hasn't enough RAM to store the result. An Arduino UNO has 2kB of RAM, most of which would probably be used by your decryption sketch. Where do you plan to store the resulting unencrypted MP3?

The usual MP3 shields read their data directly from the SD card. If you hack that interface you may be able to decrypt your music on the SD card but then again you have decrypted music on the SD card and nobody will keep your users from using that otherwise. Let's say you include two SD card readers and equip the MP3 reader's card yourself. With a hardware hack to get access to that card from the Arduino too (disabling the reader's access), you may be able to get a system that's able to give YOU the imagination of having a secure device. I'd guess you cannot avoid that any clever user of that device will get to the unsecured music.For such a kind of device the Arduino is definitely the wrong platform, my humble opinion.

Thank you justjed and pylon (and others), for your very straight forward and honest opinions! IT IS HIGHLY APPRECIATED! As of now, we're not sure about taking this "proprietary" thing to the next step. But with your insights, we have something to research, and defend in the future.

Thank you anyways, and I hope to be part of the arduino community anytime soon. Consider this case/question closed.